Customize Trac "Available Projects" for User
164 views
Skip to first unread message
Aikido Guy
Dec 3, 2014, 4:35:27 PM12/3/14
to trac-...@googlegroups.com
Hi all,
I'm using apache2 and have a number of Trac projects that I now need to manage. I didn't set everything up, by the way.
In any case, I have found the "Available Projects" page that generates (via a Genshi template) the list of available Trac Projects.
I also see (from the python code) that there are 4 things available inside "project". e.g. $project.name, $project.env, etc.
Is there any easy way to answer the question in a Genshi template so that I can hide projects not WIKI_VIEWable by the logged on user?
A "simple" solution would obviously be best in terms of maintainability during the course of Trac upgrades in the future.
Kindly,
Aikido Guy
PS my knowledge of mod_python is also very new, so trying to combine all of these things is difficult for a beginner like me, so please be kind in your responses :)
RjOllos
Dec 5, 2014, 1:01:51 AM12/5/14
to trac-...@googlegroups.com
I'm not sure there is a way to do it, but see this answer:
You could hide the document index and users could navigate among projects using this plugin:
However it doesn't do any permissions checking yet, and I'm not sure that would be possible with all or any authentication mechanisms.
In general, it seems like you'd have to:
- Have a single authentication mechanism for all of the projects (i.e. all use the same password store)
- Open each environment and check whether the use has the WIKI_VIEW permission in that environment, returning a list of URLs that will be rendered to create a project page listing.
... maybe someone else has an idea of whether that could be done.
F@lk
Dec 5, 2014, 2:25:41 AM12/5/14
to trac-...@googlegroups.com
Hi Aikido Guy,
you should always mention what plugin your posting refer here. You're talking about SimpleMultiProjectPlugin, and you've wrote a comment on trac-hacks for it as I noticed in http://trac-hacks.org/ticket/11367#comment:39 , already. At present I don't have much time for Trac development, but your idea is reasonable and likely quite easy to implement. Probably, I find the time during December when I have holidays.
CU, F@lk
P.S.: Look at the SVN commits of TH:#11367, there you can see how it must be done, basically a check is to insert like this:
if self._SmpModel.is_not_in_restricted_users(username, project_info):
return False
you should always mention what plugin your posting refer here. You're talking about SimpleMultiProjectPlugin, and you've wrote a comment on trac-hacks for it as I noticed in http://trac-hacks.org/ticket/11367#comment:39 , already. At present I don't have much time for Trac development, but your idea is reasonable and likely quite easy to implement. Probably, I find the time during December when I have holidays.
CU, F@lk
P.S.: Look at the SVN commits of TH:#11367, there you can see how it must be done, basically a check is to insert like this:
if self._SmpModel.is_not_in_restricted_users(username, project_info):
return False
F@lk
Dec 5, 2014, 2:40:27 AM12/5/14
to trac-...@googlegroups.com
Hi,
I have a short check and at least you can switch the whole project list page off by not giving PROJECT_SETTINGS_VIEW permission to users who aint administrators.
CU, F@lk
I have a short check and at least you can switch the whole project list page off by not giving PROJECT_SETTINGS_VIEW permission to users who aint administrators.
CU, F@lk
Aikido Guy
Dec 5, 2014, 12:12:48 PM12/5/14
to trac-...@googlegroups.com
F@lk said:
You're talking about SimpleMultiProjectPlugin
In that track ticket, yes, I see that is covers SimpleMultiProjectPlugin. If I understand correctly, that plugin is used when one wants multiple projects within one Trac environment. Sorry for posting to that ticket. That is not my scenario (as long as I understand correctly!)
a) authentication prior to/at the project listing page
b) checking permission for each project by reading their Trac db for every access to the project listing
For (a), yes I have authentication before any entry into the Trac pages.
For (b), yes, this is what I think needs to be done in my case. I can read/write code, I am just new to Trac/mod_python/Genshi... so pointers about how to patch things are welcome so that this can get done.
As your boss or yourself, what it is really worth.
Umm... yes, this feature is really worth it for me/us. Nothing about projects should be shown to a user without at least WIKI_VIEW privilege in the Trac environment under consideration. I am currently ok if a user can guess a project's URL and a WIKI_VIEW access denied message is shown, but I am not ok if a user sees all projects in the "Available Projects" list because then they learn about the existence of a project which we want to make "harder than easy to do" :)
RjOllos wrote:
You could hide the document index and users could navigate among projects using this plugin:
http://trac-hacks.org/wiki/ProjectMenuPlugin
Thanks for the suggestion. Perhaps in the future this could be an option, but I just want to restrict the list in "Available Projects". Mainly because once a user has selected a project to work on, they will not usually need to easily move to another project. In any case, in my view, it is better to make it a "little bit hard" to move between projects so that users have to make an effort to make a mistake about which project they are working on :)
All suggestions/pointers/corrections definitely welcome! I'm quite stuck at this point...
Kindly,
AikidoGuy
Ryan Ollos
Dec 5, 2014, 4:43:09 PM12/5/14
to trac-...@googlegroups.com
On Fri, Dec 5, 2014 at 9:12 AM, Aikido Guy <aiki...@gmail.com> wrote:
As your boss or yourself, what it is really worth.Umm... yes, this feature is really worth it for me/us. Nothing about projects should be shown to a user without at least WIKI_VIEW privilege in the Trac environment under consideration. I am currently ok if a user can guess a project's URL and a WIKI_VIEW access denied message is shown, but I am not ok if a user sees all projects in the "Available Projects" list because then they learn about the existence of a project which we want to make "harder than easy to do" :)
Just to be sure, you have a multiproject - multienvironment setup and you are concerned about users seeing the page that displays "Available Projects" when you navigate to the base URL?
I haven't tried this, but it looks like you could probably just use a custom template that doesn't list the projects:
http://trac.edgewall.org/wiki/TracInterfaceCustomization#ProjectList
http://trac.edgewall.org/wiki/TracInterfaceCustomization#ProjectList
Aikido Guy
Dec 8, 2014, 3:14:44 PM12/8/14
to trac-...@googlegroups.com, ryan.j...@gmail.com
On Friday, December 5, 2014 4:43:09 PM UTC-5, RjOllos wrote:
Just to be sure, you have a multiproject - multienvironment setup and you are concerned about users seeing the page that displays "Available Projects" when you navigate to the base URL?
Yup
On Friday, December 5, 2014 4:43:09 PM UTC-5, RjOllos wrote:
I haven't tried this, but it looks like you could probably just use a custom template that doesn't list the projects:
http://trac.edgewall.org/wiki/TracInterfaceCustomization#ProjectList
Yup... I saw that too. But, as per my original post, I do not know how to add the appropriate check into the Genshi template. Hence, I was hoping for some possible pointers from people on this list. I can get the project's environment, but I do not know how to get the current user nor how to query for WIKI_VIEW permission.
Any further help from the mailing list would be much appreciated!
Kindly,
Aikido Guy
Aikido Guy
Sep 15, 2015, 3:07:29 PM9/15/15
to Trac Users, ryan.j...@gmail.com
Hi everyone!
Just wanted to let you know that I have solved my problem by implementing a custom solution.
Thanks for all of the pointers and help!
Kindly,
Aikido Guy
Reply all
Reply to author
Forward
0 new messages